Facebook's "sexiest video" malware spreading virally, warns Sophos

“If you get a posting on your Facebook wall telling you "this is without doubt the sexiest video ever! 😛 😛 :P" which seems to be accompanied by a video titled "Candid Camera Prank [HQ]" then don't click on the video: it's a lead-in to malware. Clicking the link will take you to what seems like a Facebook application which then tells you that your video player is out of date – and encourages you to download a file. If you do, then the same "video" plus link gets posted using your avatar to all your friends on Facebook – meaning it is spreading virally,” warns Sophos. “The file seems to install an adware called Hotbar, which generates revenue for the malware writer.” (About Hotbar: "displays a dynamic toolbar and targeted pop-up ads based on its monitoring of Web-browsing activity. Toolbar appears in Internet Explorer and Windows Explorer, and contains buttons that can change depending on current Web page and keywords. Clicking a button on the toolbar may open an advertiser Web site or paid search site. Hotbar also installs graphical skins for IE, Outlook, and Outlook Express. Hotbar may collect user-related information and may silently download and run updates or other code from its servers.")
